107 matches found

RedhatCVE
added 2026/01/09 9:29 a.m., 5 views

CVE-2023-29529

matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. An attacker present in a room where an MSC3401 group call is taking place can eavesdrop on the video and audio of participants using matrix-js-sdk, without their knowledge. To affected matrix-js-sdk users, the attacker...

CVSS 5.3, AI score 6.5, EPSS 0.00184
Exploits 0, References 1

Veracode
added 2025/11/04 7:49 a.m., 4 views

Improper Input Validation

matrix-js-sdk is vulnerable to Improper Input Validation. The vulnerability is due to inadequate validation in the MatrixClient::getJoinedRooms function, which allows an attacker to replace a tombstoned room with an unrelated attacker-controlled room...

CVSS 6.9, AI score 6.5, EPSS 0.00108
Exploits 0, References 3, Affected Software 1

Github Security Blog
added 2025/09/16 8:18 p.m., 6 views

matrix-js-sdk has insufficient validation when considering a room to be upgraded by another

Impact: matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated attacker-supplied room. Patches: The issue has been patched and users should upgrade to...

CVSS 6.9, AI score 6.9, EPSS 0.00108
Exploits 0, References 6, Affected Software 1

Cvelist
added 2025/09/16 4:37 p.m., 4 views

CVE-2025-59160 matrix-js-sdk has insufficient validation when considering a room to be upgraded by another

Matrix JavaScript SDK is a Matrix Client-Server SDK for JavaScript and TypeScript. matrix-js-sdk before 38.2.0 has insufficient validation of room predecessor links in MatrixClient::getJoinedRooms, allowing a remote attacker to attempt to replace a tombstoned room with an unrelated...

CVSS 6.9, EPSS 0.00108
Exploits 0, References 2

RedhatCVE
added 2025/05/23 10:29 a.m., 2 views

CVE-2024-42369

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the predecessors form a cycle. The matrix-js-sdk's getRoomUpgradeHistory function will infinitely recurse in this case, causing the code to hang. This...

CVSS 5.3, AI score 6.8, EPSS 0.00205
Exploits 0

Tenable Nessus
added 2025/03/06 12:0 a.m., 11 views

Linux Distros Unpatched Vulnerability : CVE-2024-50336

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via...

CVSS 5.3, AI score 8.2, EPSS 0.00877
Exploits 0, References 3

Tenable Nessus
added 2025/03/05 12:0 a.m., 3 views

Linux Distros Unpatched Vulnerability : CVE-2024-42369

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. A malicious homeserver can craft a room or room structure such that the...

CVSS 5.3, AI score 5.5, EPSS 0.00205
Exploits 0, References 3

Tenable Nessus
added 2025/03/05 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2022-36059

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 19.4.0 events sent with special strings in key places can...

CVSS 8.2, AI score 6.3, EPSS 0.00255
Exploits 0, References 3

Tenable Nessus
added 2025/03/05 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-28427

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. In versions prior to 24.0.0 events sent with special strings in key places can...

CVSS 8.2, AI score 7.3, EPSS 0.00602
Exploits 0, References 3

Tenable Nessus
added 2025/03/05 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2023-29529

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. An attacker present in a room where an MSC3401 group call is taking place can...

CVSS 5.3, AI score 5.8, EPSS 0.00184
Exploits 0, References 3

Tenable Nessus
added 2025/03/05 12:0 a.m., 4 views

Linux Distros Unpatched Vulnerability : CVE-2024-47080

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - matrix-js-sdk is the Matrix Client-Server SDK for JavaScript and TypeScript. In matrix-js-sdk versions 9.11.0 through 34.7.0, the method...

CVSS 8.7, AI score 5.6, EPSS 0.0058
Exploits 0, References 3

Tenable Nessus
added 2025/03/05 12:0 a.m., 6 views

Linux Distros Unpatched Vulnerability : CVE-2021-40823

The Linux/Unix host has one or more packages installed that are impacted by a vulnerability without a vendor supplied patch available. - A logic error in the room key sharing functionality of matrix-js-sdk aka Matrix Javascript SDK before 12.4.1 allows a malicious Matrix homeserver present in an...

CVSS 5.9, AI score 5.9, EPSS 0.00162
Exploits 0, References 3

Mageia
added 2024/12/21 8:16 p.m., 16 views

Updated thunderbird packages fix security vulnerability

Matrix-js-sdk has insufficient MXC URI validation which could allow client-side path traversal. CVE-2024-50336...

CVSS 5.3, AI score 6.9, EPSS 0.00877
Exploits 0, References 3

OSV
added 2024/12/21 8:16 p.m., 8 views

MGASA-2024-0395 Updated thunderbird packages fix security vulnerability

Matrix-js-sdk has insufficient MXC URI validation which could allow client-side path traversal. CVE-2024-50336...

CVSS 5.3, AI score 7.5, EPSS 0.00877
Exploits 0, References 4

SUSE CVE
added 2024/12/13 12:21 a.m., 1 view

SUSE CVE-2024-50336

matrix-js-sdk is a Matrix messaging protocol Client-Server SDK for JavaScript. matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the...

CVSS 4.3, AI score 8.9, EPSS 0.00877
Exploits 0, References 6

Veracode
added 2024/12/04 6:37 p.m., 5 views

Directory Traversal

matrix-js-sdk is vulnerable to Directory Traversal. The vulnerability is due to insufficient validation of crafted MXC URIs, allowing a malicious room member to trigger arbitrary authenticated GET requests to the client's homeserver...

CVSS 5.3, AI score 6.1, EPSS 0.00877
Exploits 0, References 6, Affected Software 2

Tenable Nessus
added 2024/11/13 12:0 a.m., 10 views

FreeBSD : Matrix clients -- mxc uri validation in js sdk (574f7bc9-a141-11ef-84e9-901b0e9408dc)

The version of FreeBSD installed on the remote host is prior to tested version. It is, therefore, affected by a vulnerability as referenced in the 574f7bc9-a141-11ef-84e9-901b0e9408dc advisory. matrix-js-sdk upstream reports: matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversa...

CVSS 5.3, AI score 8.5, EPSS 0.00877
Exploits 0, References 3

Github Security Blog
added 2024/11/12 7:54 p.m., 17 views

matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal

Summary: matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the client's homeserver. Details: The Matrix specification demands...

CVSS 5.3, AI score 8.9, EPSS 0.00877
Exploits 0, References 5, Affected Software 1

vulnersOsv
added 2024/11/12 7:54 p.m., 4 views

@airgap/beacon-sdk (>=0.0.1 <=0.0.3-beta.9), @caelum-tech/lorena-matrix-client (>=1.3.0 <=2.1.2) +52 more potentially affected by CVE-2024-50336 via matrix-js-sdk (>=0.0.4 <=34.0.0)

matrix-js-sdk NPM version =0.0.4, =0.0.1, =1.3.0, =1.0.0, =2.0.0, =2.0.0-alpha.3, =2.0.0-alpha.1, =1.4.1, =0.0.1, =0.0.0-development, =0.17.0, =4.0.1, =1.2.0, =1.1.0, =1.8.0-beta.1 and more Source cves: CVE-2024-50336 Source advisory: OSV:GHSA-XVG8-M4X3-W6XR...

CVSS 5.3, AI score 7.2, EPSS 0.00877
Exploits 0

OSV
added 2024/11/12 7:54 p.m., 14 views

GHSA-XVG8-M4X3-W6XR matrix-js-sdk has insufficient MXC URI validation which allows client-side path traversal

Summary: matrix-js-sdk before 34.11.0 is vulnerable to client-side path traversal via crafted MXC URIs. A malicious room member can trigger clients based on the matrix-js-sdk to issue arbitrary authenticated GET requests to the client's homeserver. Details: The Matrix specification demands...

CVSS 5.3, AI score 8.9, EPSS 0.00877
Exploits 0, References 5